Trusted / Internet zones

Discussion in 'ESET Smart Security v4 Beta Forum' started by Stem, Mar 2, 2009.

Thread Status:
Not open for further replies.
  1. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hello,

    I can understand some need to keep popups to a minimum; however, I currently have the firewall on "Interactive mode" and believe there should be a distinction for an application's access to the Trusted zone and Internet zone, with a popup/warning for each zone's access.

    Currently starting a browser with no current ruleset does give a popup for access to the "trusted zone" but when allowed, rules to allow full Internet access are also applied.


    - Stem
     
  2. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    I agree with the need you post but ESS has always worked this way.
    Unless you specify ports and/or zones when granting access on this first pop up, the YES answer will grant all access, regardless of what the browser was actually asking for.
     
  3. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    IMHO, any security application needs to ensure correct wording in the popup and enforce rules based on the popup.

    There should be no need to manually adjust rules for specific zone access. Why have zones if these are simply bypassed due to either an incorrectly worded warning in a popup, or inability of enforcement of the rule/access being directly requested?

    - Stem
     
  4. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina
    Just to show you the typical behavior:
    I have a rule that goes like this: "Deny all incoming communication for Svchost, TCP and UDP" (see the pic). Still, I keep getting messages from Eset prompting me to accept TCP traffic from my Network (Trusted Zone).
    It seems that the firewall refuses to enforce that deny all rule that has previously been set.
    Although I have emailed Eset Support, I have never received an answer to this question/behavior.

    (just to clarify, this rule is set in conjunction with the predefined rules of ESS that allow traffic for DNS and DHCP, and before you ask, the computer requesting connection is not my DNS server on the network, which shouldn't be necessary since ESS has a rule for that already set...)
     

  5. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I will need to look more at this firewall, it does give me interest with some of its filtering as it could be used for a gateway PC facing an ISP LAN.

    As for the rules and enforcement, for svchost, I only had a popup for inbound from the trusted zone (which was a PC set up on ICS (I noted ESS would not allow ICS to be set up automatically, but had to manually add the IP for the ICS gateway and re-boot for the ICS LAN to be seen and alert given)), but the rule made for svchost did limit it to the trusted zone, which is what I expected for the outbound rules.

    I have just received a trial key for V4, so will install later and start running some tests to see how the firewall behaves (I did have some concerns with the RC build I looked at, but will re-check with this full release).

    - Stem

    EDIT,

    V4 is not on the trial downloads yet, so I will have to wait for the update.
     
    Last edited: Mar 2, 2009
  6. MasterTB

    MasterTB Registered Member

    Joined:
    Jun 19, 2007
    Posts:
    547
    Location:
    Paraná, Argentina